WOT logo

What to do when your social media accounts are hacked

What to do when social media hacked
Several high profile Facebook and Twitter accounts have recently been hacked. It is not only the rich and famous who have had their accounts compromised. Having your social media accounts hacked can feel like your entire life has been stolen from you. But there are some hidden risks alongside this personal discomfort you may feel when it happens. Here are some of the first things you should do once your account has been compromised and a few tips to prevent it from happening in the first place.

Risks associated with a hacked profile

Depending on how much information you have placed on your social media profiles, a hacked or hijacked profile can cause catastrophic damage to you. A hijacked profile allows whoever controls your profile to do whatever they want, which includes spamming your friends, family, coworkers and other malicious activity including forced shares and forced follows. Some social media accounts are hijacked to force Facebook shares. On the surface, this doesn’t sound too malicious, however; let’s say your friends are rock metal fans and they click on a forced share on your page Facebook hackers have planted, which directs them to a page full of phishing scams and malware.

A hacked profile could force follows to other accounts which may include your account becoming hacked as part of a larger scheme to hack other accounts and force them to follow one specific account. The account your profile is forced to follow might lead to a fraudulent brand which can be used to spread malware.

How do you know your account has been accessed?

You may have a difficult time knowing if your account was compromised since the hijacker may be placing small subtle changes to your account such as sending out an occasional message. Pay attention to these signs that your account may be compromised:

  • Friend requests you didn’t send, automated favorites, follows, unfollows, and likes.
  • Changes to pictures on your profile.
  • Unauthorized push or email notifications from a social network or a warning that your profile email has changed.
  • Unauthorized app or game purchases.
  • Unauthorized status updates or tweets.

Best practices to prevent your social media accounts from being hacked

One of the best things you can do to keep your social media profiles secured is change your password regularly such as once a quarter and use a strong password every time. Never share your passwords across different platforms – meaning, use a unique password for every site.

Most social media sites support two-step authentication. This means you will be required to enter a password and a special number sent to your mobile device or email to gain access. This practice makes it much more difficult for hackers to access your account.

To better understand the most common attacks such as brute force, man in the middle attacks, phishing, and Trojan horses, you can protect yourself from each by following these steps:

Man in the middle attack:

Encrypt your information by selecting a well ranked VPN.

man in the middle attack

Brute Force attack:

Have complex passwords that contain a minimum of 12 characters that include a mix of uncommon words with upper case and lower case letters along with numbers and special characters.

complex passwords brute force attacks

Phishing attempts:

Verify the web address of anyone claiming they need your information to ensure it is a legitimate request. Enter the site direct from the main link and navigate through to see if the request is real since hackers use redirect links all the time.

clickbait phishing

Trojan horses:

Verify the site you download from. Dozens of sites known as “warez” sites are built and designed as Trojan horses. Go to the main source for direct downloads and install strong antivirus software to catch Trojan horses before they appear on your machine by setting the settings to scan all downloads before saving them to your device storage. Once a Trojan has made its way in, it is only a matter of time before it does what it is designed to do.

protect against trojan horse

What do you do if your account has been hacked?

If your account has already been hacked, you can still save it by:

  • Scanning your devices and computers for malware, Trojans, and viruses.
  • Removing malware and following the procedures to recover from identity theft.
  • Immediately changing your password.
  • Revoking permissions to third party apps or services.
  • Changing the password on other accounts if you used a shared password.
  • Report phishing and other types of scams sent from your account to the site so they can attempt to stop it from spreading.
  • Letting everyone know your account has been hacked by calling or emailing them so they are aware.
  • Contacting the social media site’s help desk and ask if they can temporarily suspend your account while you get it cleared up.

You can also contact social network sites through phone or email through the links below:

Use the following links to manage apps on popular social networks:


3 Responses

  1. My account was hacked through the app on my mobile phone. Yes I had anti-virus running. No it did not catch it as it was most likely some other app I installed that compromised it.

  2. You say to “Encrypt your information by selecting a well ranked VPN.” however this more than likely does nothing to help the situation. The top social media companies already use end-to-end encryption, and if you have a MITM issue it is almost certainly due to a malicious root certificate installed in your computer, and malicious spying due to malware on your computer or LAN. The only way to mitigate this is to remove the offending certificate and any malware associated with it.

  3. For Twitter, it’s important to check which apps have been authorized:

    And revoke access to any apps which are not used or seem suspicious. With write access, they can act on our behalf.

    Same for Google:

Leave a Reply

Your email address will not be published. Required fields are marked *